[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] DameWare Mini-RC Shatter

To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] DameWare Mini-RC Shatter
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
Date: Thu, 14 Aug 2003 00:01:33 +1200

The wood-ster wrote:

> i would assume that any command you can type localy
>  is available as this is a remote control product ( trojan )
> ie: this is a feature, not a flaw?

D'oh!

Did you not read the whole advisory?

We know you like Dameware from earlier messages of yours, so I'll try 
to make this really easy for you...

Here's a hint -- I've snipped away everything from the original 
advisory other than the part even you should be able to understand:

> > 5) Vendor status/notes/fixes/statements
> >
> >    Dameware Development has repaired all current known vulnerabilities.
> >
> >    Dameware Development will continue researching and developing
> alternate
> >    development methods to ensure their software remains secure.
> >
> >    A fix is available from Dameware Development by downloading version
> >    3.71.0.0 or later from their website.[1]

Now, do you think that Dameware folk would "fix" a "feature"?

Did you even think?

Please stop littering our mailboxes with your ill-considered 
dribblings.  Please...

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] DameWare Mini-RC Shatter
  - From: "morning_wood" <se_cur_ity@hotmail.com>

Prev by Date: Re: [Full-Disclosure] PHP dlopen() -> Fun with apache (and other
Next by Date: [Full-Disclosure] windowsupdate.com
Prev by thread: Re: [Full-Disclosure] DameWare Mini-RC Shatter
Next by thread: [Full-Disclosure] PHP dlopen() -> Fun with apache (and other
Index(es):
- Date
- Thread